loop analysis in key
play

Loop Analysis in KeY Tobias Gedell gedell@cs.chalmers.se 4th KeY - PowerPoint PPT Presentation

Aug 05, 2023 •131 likes •434 views

Loop Analysis in KeY Tobias Gedell gedell@cs.chalmers.se 4th KeY Workshop - L okeberg June 9th, 2005 p. 1/29 Introduction There are currently two ways of handling loops in KeY: Symbolic execution - repeated unwinding of loops Can be

  1. Loop Analysis in KeY Tobias Gedell gedell@cs.chalmers.se 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 1/29

  2. Introduction There are currently two ways of handling loops in KeY: ⊲ Symbolic execution - repeated unwinding of loops Can be performed automatically by the system, but time consuming and not always possible. ⊲ Induction Hard to use and cannot automatically be applied by the system. 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 2/29

  3. Symbolic execution - drawbacks Example: for(int i = 0; i < a.length; i++) a[i] = i; ⊲ Time consuming: If a.length is large than we need to execute the loop many times. ⊲ Not possible: If a.length is unknown we do not know when to stop. We want to do better! 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 3/29

  4. Symbolic execution - how it works for(int i = 0; i < a.length; i++) a[i] = i; ... 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 4/29

  5. Symbolic execution - how it works for(int i = 0; i < a.length; i++) a[i] = i; ... � {a[0] := 0} for(int i = 1; i < a.length; i++) a[i] = i; ... 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 5/29

  6. Symbolic execution - how it works for(int i = 0; i < a.length; i++) a[i] = i; ... � {a[0] := 0} for(int i = 1; i < a.length; i++) a[i] = i; ... � {a[0] := 0, a[1] := 1} for(int i = 2; i < a.length; i++) a[i] = i; ... 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 6/29

  7. Symbolic execution - how it works for(int i = 0; i < a.length; i++) a[i] = i; ... � {a[0] := 0} for(int i = 1; i < a.length; i++) a[i] = i; ... � {a[0] := 0, a[1] := 1} for(int i = 2; i < a.length; i++) a[i] = i; ... � {a[0] := 0, a[1] := 1, a[2] := 2, . . . } ... 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 7/29

  8. Symbolic execution - how it works for(int i = 0; i < a.length; i++) a[i] = i; ... � {a[0] := 0} for(int i = 1; i < a.length; i++) a[i] = i; ... � {a[0] := 0, a[1] := 1} for(int i = 2; i < a.length; i++) a[i] = i; ... � {a[0] := 0, a[1] := 1, a[2] := 2, . . . } ... We iteratively construct the update describing all side-effects of the loop. 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 8/29

  9. Symbolic execution - how it works For this example the update could have been constructed in a much more direct way! We can see that for each iteration of the loop the update {a[I] := I} will be added. We also know that these updates do not clash with each other. We can, therefore, skip the execution of the loop and instead directly construct the update: {∀ I ∈ [0 , a.length − 1] . a [ I ] := I, i := a.length } 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 9/29

  10. Loop Analysis - the idea The idea behind the new treatment of loops is that we systematically: 1. Calculate the update of the loop body and abstract over the value of the loop variable, {a[I] := I} 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 10/29

  11. Loop Analysis - the idea The idea behind the new treatment of loops is that we systematically: 1. Calculate the update of the loop body and abstract over the value of the loop variable, {a[I] := I} 2. calculate the range of the loop variable, [0, a.length - 1] 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 11/29

  12. Loop Analysis - the idea The idea behind the new treatment of loops is that we systematically: 1. Calculate the update of the loop body and abstract over the value of the loop variable, {a[I] := I} 2. calculate the range of the loop variable, [0, a.length - 1] 3. make sure that some properties are fulfilled by the loop, For example no clashing. 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 12/29

  13. Loop Analysis - the idea The idea behind the new treatment of loops is that we systematically: 1. Calculate the update of the loop body and abstract over the value of the loop variable, {a[I] := I} 2. calculate the range of the loop variable, [0, a.length - 1] 3. make sure that some properties are fulfilled by the loop, For example no clashing. 4. replace the loop by the abstracted update, quantified over by the range of the loop variable. {∀ I ∈ [0 , a.length − 1] . a [ I ] := I, i := a.length } 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 13/29

  14. Loop Analysis - calculating the update When calculating the abstract update for the loop body, there are mainly two ways to go: ⊲ We can create a program analysis that calculates all assignments that are made. Pros: could be tailor made for specific purposes like checking for clashes. Cons: much implementation work, can already be done by KeY. 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 14/29

  15. Loop Analysis - calculating the update When calculating the abstract update for the loop body, there are mainly two ways to go: ⊲ We can create a program analysis that calculates all assignments that are made. Pros: could be tailor made for specific purposes like checking for clashes. Cons: much implementation work, can already be done by KeY. ⊲ We can also let KeY compute the update. Pros: little implementation work, can check additional properties. 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 15/29

  16. Loop Analysis - soundness properties Observation: What we want to do is quite similar to loop vectorization and parallelization. Instead of executing the loop in a sequential order we execute it in parallel. This can only be done when some properties are fulfilled: ⊲ The loop variable is monotonically increasing/decreasing. (The order of the updates must be clear.) 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 16/29

  17. Loop Analysis - soundness properties Observation: What we want to do is quite similar to loop vectorization and parallelization. Instead of executing the loop in a sequential order we execute it in parallel. This can only be done when some properties are fulfilled: ⊲ The loop variable is monotonically increasing/decreasing. (The order of the updates must be clear.) ⊲ The loop condition is of the form, i op e , where the value of e is not modified by the loop body. (We need to be able to calculate the range of the loop variable.) 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 17/29

  18. Loop Analysis - soundness properties Observation: What we want to do is quite similar to loop vectorization and parallelization. Instead of executing the loop in a sequential order we execute it in parallel. This can only be done when some properties are fulfilled: ⊲ The loop variable is monotonically increasing/decreasing. (The order of the updates must be clear.) ⊲ The loop condition is of the form, i op e , where the value of e is not modified by the loop body. (We need to be able to calculate the range of the loop variable.) ⊲ The loop body does not terminate the loop by executing a break , raising an exception or something similar. 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 18/29

  19. Loop Analysis - soundness properties Observation: What we want to do is quite similar to loop vectorization and parallelization. Instead of executing the loop in a sequential order we execute it in parallel. This can only be done when some properties are fulfilled: ⊲ The loop variable is monotonically increasing/decreasing. (The order of the updates must be clear.) ⊲ The loop condition is of the form, i op e , where the value of e is not modified by the loop body. (We need to be able to calculate the range of the loop variable.) ⊲ The loop body does not terminate the loop by executing a break , raising an exception or something similar. ⊲ There is no dependence between the loop iterations. 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 19/29

  20. Loop Analysis - soundness properties There are mainly two different kinds of dependencies: for(int i = 0; i <= 10; i++) s : a[i] = a[i - 1]; s v - the statement s where the loop variable has the value v . ⊲ Data dependence A statement s k writes to a location that is read by a statement s l . If k < l , ( a[i] = a[i - 1] ), we cannot execute the loop in parallel. If k > l , ( a[i] = a[i + 1] ), we execute it in parallel and replace a on the RHS with an array containing the original values of a . 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 20/29

  21. Loop Analysis - soundness properties There are mainly two different kinds of dependencies: ⊲ Output dependence A statement s k writes to a location that is overwritten by a statement s l . Both the cases where k > l and l < k , ( a = f(i) ), can be handled by using a last-win clash semantics for the constructed quantified updates. We must only make sure that the updates comes in the right order. 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 21/29

  22. Loop Analysis - benefits of KeY Traditionally, in the field of loop vectorization and parallelization, the test for dependence gives just a boolean answer. If some part of the program is unknown, it must approximate and say that there is a dependence. We, on the other hand, have a theorem prover backing us up! 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 22/29

  23. Loop Analysis - benefits of KeY Traditionally, in the field of loop vectorization and parallelization, the test for dependence gives just a boolean answer. If some part of the program is unknown, it must approximate and say that there is a dependence. We, on the other hand, have a theorem prover backing us up! Consider for example: for(i = 0; i <= 10; i = i + 1) a[i] = b[i + c]; 4th KeY Workshop - L¨ okeberg June 9th, 2005 – p. 23/29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

V3 Loop Sequence Space Analysis Kasia Bo ek bozek@mpi-inf.mpg.de Max-Planck Institute fr

V3 Loop Sequence Space Analysis Kasia Bo ek bozek@mpi-inf.mpg.de Max-Planck Institute fr

V3 Loop Sequence Space Analysis Kasia Bo ek bozek@mpi-inf.mpg.de Max-Planck Institute fr Informatik, Saarbrcken AREVIR Bonn 24.04.2009 V3 loop sequence space analysis selection of V3 loop sequence variants for experimental imaging of

613 views • 15 slides
1 Legality of Loop Interchange (cont) Loop Interchange Example Case analysis of the direction

1 Legality of Loop Interchange (cont) Loop Interchange Example Case analysis of the direction

Loop Transformations for Parallelism &amp; Locality Loop Permutation Idea Previously Swap the order of two loops to increase parallelism, to improve spatial Data dependences and loops locality, or to enable other transformations

604 views • 5 slides
Upper and Lower Loop Bound Estimation by Symbolic Execution and Loop Acceleration Pavel Cadek

Upper and Lower Loop Bound Estimation by Symbolic Execution and Loop Acceleration Pavel Cadek

Upper and Lower Loop Bound Estimation by Symbolic Execution and Loop Acceleration Pavel Cadek 1 1 TU Wien, Austria Formal Methods in Computer-Aided Design 30 Oct - 2 Nov, 2018 Loop Bound Analysis Upper loop bound: max { n , 0 } Lower loop

248 views • 5 slides
Principles of Program Analysis An overview of approaches beyond loop analysis and optimizations

Principles of Program Analysis An overview of approaches beyond loop analysis and optimizations

Principles of Program Analysis An overview of approaches beyond loop analysis and optimizations cs6363 1 The Nature of static analysis --- approximation Static program analysis --- predict the dynamic behavior of programs without running

368 views • 19 slides
Coarse-Grained Parallelism Variable Privatization, Loop Alignment, Loop Fusion, Loop

Coarse-Grained Parallelism Variable Privatization, Loop Alignment, Loop Fusion, Loop

Coarse-Grained Parallelism Variable Privatization, Loop Alignment, Loop Fusion, Loop interchange and skewing, Loop Strip-mining cs6363 1 Introduction Our previous loop transformations target vector and superscalar architectures Now

538 views • 32 slides
Repetition Types of Loops Counting loop Know how many times to loop

Repetition Types of Loops Counting loop Know how many times to loop

Repetition Types of Loops Counting loop Know how many times to loop Sentinel-controlled loop Expect specific input value to end loop Endfile-controlled loop End of data file is end of loop Input validation loop

257 views • 8 slides
Trading Strategies Introduction Trading Loop Trading Loop Trading Loop Trading Loop Three

Trading Strategies Introduction Trading Loop Trading Loop Trading Loop Trading Loop Three

Trading Strategies Introduction Trading Loop Trading Loop Trading Loop Trading Loop Three Strategies 1. Mean Reversion 2. Momentum 3. Pairs Trading Budish, E., Cramton, P ., &amp; Shim, J. (2015). The high-frequency trading arms race:

803 views • 22 slides
Loop-invariant code motion Example Two steps: analysis &amp; transformation x := 3 Step 1: find

Loop-invariant code motion Example Two steps: analysis &amp; transformation x := 3 Step 1: find

Loop-invariant code motion Example Two steps: analysis &amp; transformation x := 3 Step 1: find invariant computations in loop y := 4 y := 5 invariant: computes same result each time evaluated z := x * y Step 2: move them outside loop

355 views • 4 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Unit 5: Electrical network analysis. Introduction: junction, branch, loop, network (multi-loop

Unit 5: Electrical network analysis. Introduction: junction, branch, loop, network (multi-loop

Unit 5: Electrical network analysis. Introduction: junction, branch, loop, network (multi-loop circuit). Kirchhoffs Rules: junction and loop rules. Thvenins theorem. Introduction: definitions Electrical network: Set of

147 views • 10 slides
Control-Flow Analysis and Loop Detection Last time PRE Today Control-flow

Control-Flow Analysis and Loop Detection Last time PRE Today Control-flow

Control-Flow Analysis and Loop Detection Last time PRE Today Control-flow analysis Loops Identifying loops using dominators Reducibility Using loop identification to identify induction

270 views • 15 slides
Tuning PI controllers in non-linear uncertain closed-loop systems with interval analysis J.

Tuning PI controllers in non-linear uncertain closed-loop systems with interval analysis J.

Tuning PI controllers in non-linear uncertain closed-loop systems with interval analysis J. Alexandre dit Sandretto, A. Chapoutot and O. Mullier U2IS, ENSTA ParisTech SYNCOP April 11, 2015 Closed-loop control systems r ( t ) e ( t ) u ( t )

284 views • 17 slides
1 Checking Legality in Kelly &amp; Pugh Framework Loop Fusion Example (cont) For each dependence,

1 Checking Legality in Kelly &amp; Pugh Framework Loop Fusion Example (cont) For each dependence,

Loop Transformations for Parallelism &amp; Locality Loop Fusion Example Last time What are the dependences? Unimodular transformation framework do i = 1,n What are the dependences? Loop permutation s 1 A(i) = B(i) + 1 Loop

201 views • 3 slides
V3 Loop Sequence Space Analysis Kasia Bo ek bozek@mpi-inf.mpg.de MPI Saarbrcken AREVIR

V3 Loop Sequence Space Analysis Kasia Bo ek bozek@mpi-inf.mpg.de MPI Saarbrcken AREVIR

V3 Loop Sequence Space Analysis Kasia Bo ek bozek@mpi-inf.mpg.de MPI Saarbrcken AREVIR meeting, Bonn 11.04.2008 V3 loop highly variable genome sequence related to coreceptor usage CCR5-CXCR4 coreceptor switch related to rapid disease

812 views • 34 slides
Preventing Premature Conclusions Analysis of Human-In-the-Loop Air Combat Simulations 30 August

Preventing Premature Conclusions Analysis of Human-In-the-Loop Air Combat Simulations 30 August

Preventing Premature Conclusions Analysis of Human-In-the-Loop Air Combat Simulations 30 August 2012 Matthew MacLeod Centre for Operational Research and Analysis Outline The issue Randomness and expectation Issues with small samples

486 views • 24 slides
Advances in Loop Analysis Frameworks and Optimizations Adam Nemet &amp; Michael Zolotukhin

Advances in Loop Analysis Frameworks and Optimizations Adam Nemet &amp; Michael Zolotukhin

Advances in Loop Analysis Frameworks and Optimizations Adam Nemet &amp; Michael Zolotukhin Apple Loop Unrolling for (x = 0; x &lt; 6; x++) { foo(x); } Loop Unrolling for (x = 0; x &lt; 6; x += 2) { for (x = 0; x &lt; 6; x++) { foo(x);

1.62k views • 115 slides
Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad Ureche, Cristian Zamfir, George Candea School of Computer and Communication Sciences Automated Software Testing Automated Industrial Techniques

1.25k views • 59 slides
Using Unfoldings in Automated Testing of Multithreaded Programs Kari Khknen, Olli Saarikivi,

Using Unfoldings in Automated Testing of Multithreaded Programs Kari Khknen, Olli Saarikivi,

Using Unfoldings in Automated Testing of Multithreaded Programs Kari Khknen, Olli Saarikivi, Keijo Heljanko (firstname.lastname@aalto.fi) Department of Computer Science and Engineering, Aalto University &amp; Helsinki Institute for

522 views • 41 slides
symbolic deobfuscation Sbastien Bardin (CEA LIST) Sbastien Bardin GreHack 2017 | 1 ABOUT

symbolic deobfuscation Sbastien Bardin (CEA LIST) Sbastien Bardin GreHack 2017 | 1 ABOUT

CODE PROTECTION: the promises and limits of symbolic deobfuscation Sbastien Bardin (CEA LIST) Sbastien Bardin GreHack 2017 | 1 ABOUT MY LAB @CEA [Paris-Saclay, France] Sbastien Bardin GreHack 2017 | 2 IN A NUTSHELL

664 views • 40 slides
Heap Cloning: Enabling Dynamic Symbolic Execution of Java Programs Saswat Anand Mary Jean

Heap Cloning: Enabling Dynamic Symbolic Execution of Java Programs Saswat Anand Mary Jean

11/27/2011 Heap Cloning: Enabling Dynamic Symbolic Execution of Java Programs Saswat Anand Mary Jean Harrold Supported by NSF (CCF-0725202, CCF-0541048) and IBM (Software Quality Innovation Award) Symbolic Execution 35 Databases 30

558 views • 22 slides
Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting

Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting

Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting Seattle, April 12, 2017 Rosalie Iemhoff Utrecht University, the Netherlands 1 / 37 Quantifiers are complicated. 2 / 37 Even more so in

519 views • 37 slides
t r rt t

t r rt t

rt trt t sts t rsts t r rt t

282 views • 17 slides
The Logic of Common Ignorance Gert-Jan Lokhorst TU Delft g.j.c.lokhorst@tudelft.nl Collective

The Logic of Common Ignorance Gert-Jan Lokhorst TU Delft g.j.c.lokhorst@tudelft.nl Collective

The Logic of Common Ignorance Gert-Jan Lokhorst TU Delft g.j.c.lokhorst@tudelft.nl Collective Intentionality X The Hague, The Netherlands September 1, 2016 1 / 13 Introduction Quote Knowledge is a big subject. Ignorance is bigger. . .

326 views • 13 slides
Computational Intelligence A Logical Approach David Poole Alan Mackworth Randy Goebel Oxford

Computational Intelligence A Logical Approach David Poole Alan Mackworth Randy Goebel Oxford

Computational Intelligence A Logical Approach David Poole Alan Mackworth Randy Goebel Oxford University Press 1998 What is Computational Intelligence? The study of the design of intelligent agents . An agent is something that acts

328 views • 7 slides

More recommend